Cloudflare Security Advisories — May 2025 — Cloudflare Security Advisories

Cloudflare Security Advisories · May 2025 — Cloudflare Security Advisories

5 advisories 21 CVEs 3 EXPLOITED

Cloudflare CNA advisories (GHSA, blog, changelog) for 2025-05. Mirrored into Vulnetix VDB.

Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity). 3 are already weaponised in the wild — see the Exploited section.

Back to archive Open Console

Advisories

CFADVISORY-CL-application-security-waf-waf-release-2025-05-27

ChangelogExploited2025-05-27

WAF - WAF Release - 2025-05-27

CVEs:CVE-2024-48248 CVE-2025-1098 CVE-2025-30066 CVE-2025-31324 CVE-2025-31644 CVE-2025-32421 CVE-2025-32432 CVE-2025-4427 CVE-2025-4428

Upstream advisory

CFADVISORY-2025-resolving-a-request-smuggling-vu

Blog2025-05-22

Resolving a request smuggling vulnerability in Pingora

CVEs:CVE-2025-4366

Upstream advisory

CFADVISORY-CL-application-security-waf-waf-release-2025-05-19

ChangelogExploited2025-05-19

WAF - WAF Release - 2025-05-19

CVEs:CVE-2024-38475 CVE-2024-56145 CVE-2025-27520 CVE-2025-34028

Upstream advisory

CFADVISORY-2025-vulnerability-transparency-stren

Blog2025-05-16

Vulnerability transparency: strengthening security through responsible disclosure

Upstream advisory

CFADVISORY-CL-application-security-waf-waf-release-2025-05-05

ChangelogExploited2025-05-05

WAF - WAF Release - 2025-05-05

CVEs:CVE-2021-20040 CVE-2021-20041 CVE-2021-20042 CVE-2024-52875 CVE-2025-24893 CVE-2025-31489 CVE-2025-3248

Upstream advisory

Need live exploit intelligence?

Every CVE above is indexed in the Vulnetix VDB with KEV, EPSS, and PoC maturity. The interactive page surfaces that on hover.

All months Open Console